Privacy Policy
1. Introduction
PinTech News, LLC ("PinTech," "we," "us," or "our") operates the PinTech mobile application (the "App"), a news-centric social network available on iOS and Android. This Privacy Policy explains what data we collect, how we use it, who we share it with, and your rights under applicable privacy laws.
We are committed to privacy by design. This policy covers users in all jurisdictions, with specific provisions for the European Union (GDPR), California (CCPA), and India (DPDP Act).
If you have questions about this policy, contact us at frank.pintech@proton.me.
2. Data We Collect
2.1 Registration Data
When you create an account, we collect the following information:
- Full Name — to identify you within the App
- Email Address — for authentication, account recovery, and essential communications
- Password — stored as a cryptographic hash, never in plaintext
- Date of Birth — for age verification and demographic analytics
- Country — for jurisdiction-specific compliance and regional analytics
- Gender — for demographic analytics (options: Male, Female, Non-binary, Prefer not to say)
- State / Region — for regional analytics
2.2 Behavioral Data
As you use the App, we collect:
- Post Reactions — which reaction type (Agree, Disagree, Shocked, Sad, Angry, Happy) you apply to news posts
- Comments — text content of comments you post (280 character limit)
- Comment Reactions — reactions you apply to other users' comments
- Reading Patterns — which news posts you view and interact with
- Search Queries — terms you search for within the App
- Interest Selections — news categories you select during onboarding (Politics, Technology, Sports, Entertainment, Business, Science, World)
2.3 Consent Records
We maintain an immutable audit trail of your privacy choices, including when you opt in or out of data sale. These records are append-only and cannot be modified or deleted, ensuring full compliance accountability.
2.4 Data We Do NOT Collect
- We do not collect race or ethnicity data
- We do not collect precise geolocation
- We do not collect contacts, photos, or device sensor data
- We do not collect financial or payment information
3. How We Use Your Data
3.1 App Personalization
- Feed Algorithm — your interest selections and reading patterns determine which news posts appear in your feed and in what order
- Notifications — we notify you about reactions to your comments and breaking news in your interest categories
- XP System — reactions on your comments generate experience points displayed on the leaderboard
3.2 Aggregated Anonymous Insights
We use behavioral data to generate aggregated, anonymized insights for business-to-business (B2B) clients. This is our revenue model.
Example output: "68% of males aged 18-25 in Maharashtra reacted negatively to Policy X."
These insights contain no individual user data — they are statistical summaries derived from the collective behavior of our user base.
4. Anonymization Process
Before any data is used for B2B insights, it goes through a strict anonymization pipeline:
- Strip Identifiers — user IDs, names, email addresses, and all personally identifiable information are removed
- Generalize Age — exact dates of birth are converted to age brackets (e.g., 18-25, 26-35)
- Aggregate by Region — data is grouped by country or state/region, never attributed to individuals
- Aggregate by Demographic — data is grouped by demographic categories, never linked to specific users
The resulting datasets qualify as anonymized data under GDPR (Recital 26), CCPA, and India's DPDP Act, and are therefore not classified as personal data under any of these laws.
5. Data Sharing
5.1 What We Share
We sell aggregated, anonymized insights to B2B clients, which may include:
- Political campaigns and policy organizations
- Marketing agencies and consumer research firms
- Entertainment companies and media organizations
5.2 What We NEVER Share
- We never sell, license, or disclose individual user data
- We never share your name, email, or any personally identifiable information with B2B clients
- We never provide clients with the ability to identify, contact, or target individual users
5.3 Service Providers
We use the following service providers to operate the App:
- Supabase — database hosting, authentication, and real-time services (data stored on AWS infrastructure)
- Expo / EAS — mobile app build and distribution services
These providers process data on our behalf and are bound by data processing agreements.
6. Your Privacy Rights
6.1 All Users
All users, regardless of jurisdiction, can:
- Access their personal data through their Profile screen
- Correct their personal data through Edit Profile
- Delete their account and all associated data through Settings > Delete Account
- Control data sale preferences through Settings > Privacy Controls
6.2 European Union Residents (GDPR)
Under the General Data Protection Regulation, you have the right to:
- Access — request a copy of all personal data we hold about you
- Rectification — request correction of inaccurate data
- Erasure — request deletion of your data ("right to be forgotten")
- Data Portability — request your data in a machine-readable format
- Withdraw Consent — where processing is based on consent (e.g., data sale), revoke it at any time via Privacy Controls
- Object — object to processing of your data for specific purposes
- Lodge a Complaint — file a complaint with your local data protection authority
Legal Basis for Processing: Contract performance (Article 6(1)(b) GDPR) for core service data (reactions, comments, feed personalization). Consent (Article 6(1)(a) GDPR) for data sale to B2B clients, manageable through Privacy Controls.
6.3 California Residents (CCPA)
Under the California Consumer Privacy Act, you have the right to:
- Know — request disclosure of what personal information we collect, use, and share
- Delete — request deletion of your personal information
- Opt-Out of Sale — opt out of the sale of your personal information via the "Data Sale Opt-Out" toggle in Privacy Controls
- Non-Discrimination — we will not discriminate against you for exercising your CCPA rights
Note: Even when you opt out of data sale, your data may still contribute to aggregated anonymous datasets that do not constitute personal information under CCPA.
6.4 India Residents (DPDP Act)
Under India's Digital Personal Data Protection Act, you have the right to:
- Consent Withdrawal — withdraw your consent for data processing at any time via Privacy Controls
- Data Deletion — request complete deletion of your data via Settings > Delete Account
- Grievance Redressal — contact us with any privacy-related grievances at frank.pintech@proton.me
- Nominate — nominate another person to exercise your rights in case of your death or incapacity
7. In-App Privacy Controls
You can manage your privacy preferences directly in the App under Settings > Privacy Controls:
| Control | Description |
|---|---|
| Data Sale Opt-Out | Toggle on to opt out of having your data included in aggregated insights sold to third parties (CCPA right) |
Core app data (reactions, comments, interests) is collected as part of the service and cannot be toggled off — it is required for the app to function. This processing is based on contract performance (GDPR Article 6(1)(b)), not consent.
All changes to privacy controls are recorded immediately with a timestamp in an immutable audit trail. You can change these settings at any time.
8. Data Retention
- Active Accounts — we retain your data for as long as your account is active
- Deleted Accounts — when you delete your account, all associated personal data is permanently deleted via cascading deletion across all database tables (profile, reactions, comments, interests, notifications, consent records)
- Anonymized Data — aggregated anonymous datasets that have already been generated are retained indefinitely, as they contain no personal data
- News Posts — news content is retained independently of user data, as it is sourced from public RSS feeds
9. Children's Privacy
PinTech is intended for users aged 18 and older. This requirement applies globally, regardless of your country of residence.
Age is verified at registration based on the date of birth you provide. If we discover that a user is under 18 years of age, we will terminate their account and delete all associated data.
We do not knowingly collect personal data from anyone under 18. If you believe a minor has created an account, please contact us at frank.pintech@proton.me so we can take appropriate action.
10. Data Security
We implement the following security measures to protect your data:
- Row-Level Security (RLS) — enforced on all database tables, ensuring users can only access their own data
- Encrypted Authentication — passwords are cryptographically hashed, never stored in plaintext
- Secure API Communication — all data transmitted between the App and our servers is encrypted via HTTPS/TLS
- Access Controls — news pipeline writes use a separate service role with restricted permissions
- Audit Trail — all consent changes are logged in an append-only, immutable record
11. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes:
- We will update the "Last Updated" date at the top of this document
- We will notify you via in-app notification
- Continued use of the App after changes constitutes acceptance of the updated policy
12. Contact Us
For privacy-related questions, data requests, or grievances:
- Email: frank.pintech@proton.me
- Company: PinTech News, LLC
We aim to respond to all privacy requests within 30 days.